The bill encourages companies to share cyber threat indicators (CTIs) with the government, but defines CTIs so broadly that government could easily get it hands on personally identifiable information (PII) unrelated to potential cyber attacks. DHS agrees with TechFreedom that the “expansive definitions of [CTIs]” could “sweep away important privacy protections,” creating serious privacy and civil liberties concerns. Like past bills, CISA also contains measures requiring “real-time” sharing of information and ensuring that CTI’s not be “subject to any delay, modification, or any other action that could impede real-time receipt by all of the appropriate Federal entities.”

Notwithstanding privacy concerns, sharing of PII could slow the analysis process, as Admiral Mike Rogers, Director of the NSA and Cyber Command, explained to Congress, Indeed, 67 leading technologists have sent a letter to congress explaining how the kind of data that information security personnel need to protect networks would not contain the types of PII that cause some of the greatest privacy concerns.

We hope that the Senate will take into account the Department’s concerns along with those TechFreedom has outlined.

Tech Freedom is a non-profit, non-partisan technology think tank launched in 2011. TechFreedom is excited about the future. Focusing on issues of Internet freedom and technological progress, we work to protect innovation and discovery from powers that fear change. Technology is the great driver of social progress and human well-being, and we aim to keep it that way.